ID CVE-2008-3990Type cveReporter cve@mitre.orgModified 2017-08-08T01:32:00
Description
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to OLAPSYS.CWM2_OLAP_AW_AWUTIL, a different vulnerability than CVE-2008-3991.
{"id": "CVE-2008-3990", "bulletinFamily": "NVD", "title": "CVE-2008-3990", "description": "Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to OLAPSYS.CWM2_OLAP_AW_AWUTIL, a different vulnerability than CVE-2008-3991.", "published": "2008-10-14T21:11:00", "modified": "2017-08-08T01:32:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3990", "reporter": "cve@mitre.org", "references": ["http://www.securitytracker.com/id?1021050", "https://exchange.xforce.ibmcloud.com/vulnerabilities/45893", "http://secunia.com/advisories/32291", "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", "http://www.vupen.com/english/advisories/2008/2825"], "cvelist": ["CVE-2008-3990"], "type": "cve", "lastseen": "2019-05-29T18:09:28", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "a9cbea41b71bd65ced820c62bc6722c7"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "f2c7622116575eb131805acae03b7168"}, {"key": "cpe23", "hash": "006f6481a918f958aadb4eb258938b46"}, {"key": "cvelist", "hash": "2754d4d56d10f29af66f72edfed06f59"}, {"key": "cvss", "hash": "3a24dfd360218a9ca36afb3843751b95"}, {"key": "cvss2", "hash": "32971123fe0f3ad53ee94e62d001c800"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "d370d473ba1bd1721d669ef98e2aeebb"}, {"key": "description", "hash": "36f9d51aa511be05f962b9ae1665e9fe"}, {"key": "href", "hash": "0b3a47610bc77d28cda518654088cb94"}, {"key": "modified", "hash": "0642bcf7bad680b80e72766562fbc4a5"}, {"key": "published", "hash": "11a17c905d2d5c9819bb877a6dabc078"}, {"key": "references", "hash": "cd545d3f7514843377680eace91d7c97"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "87153ad9df9cdd348b7e05560dc3da4f"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "3f472b7ab65b287cce61446e29ee9ba0abd05d48cfc783beb67e2c109d4cbf81", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["ORACLE_RDBMS_CPU_OCT_2008.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2008-100299"]}, {"type": "seebug", "idList": ["SSV:4264"]}], "modified": "2019-05-29T18:09:28"}, "score": {"value": 4.4, "vector": "NONE", "modified": "2019-05-29T18:09:28"}, "vulnersScore": 4.4}, "objectVersion": "1.3", "cpe": ["cpe:/a:oracle:database_9i:9.2.0.8", "cpe:/a:oracle:database_9i:9.2.0.8dv", "cpe:/a:oracle:database_10g:10.1.0.5"], "affectedSoftware": [{"name": "oracle database_10g", "operator": "eq", "version": "10.1.0.5"}, {"name": "oracle database_9i", "operator": "eq", "version": "9.2.0.8"}, {"name": "oracle database_9i", "operator": "eq", "version": "9.2.0.8dv"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:oracle:database_9i:9.2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_9i:9.2.0.8dv:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_10g:10.1.0.5:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"]}
{"nessus": [{"lastseen": "2019-02-21T01:15:20", "bulletinFamily": "scanner", "description": "The remote Oracle database server is missing the October 2008 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :\n\n - Core RDBMS\n\n - Oracle Application Express\n\n - Oracle Data Capture\n\n - Oracle Data Mining\n\n - Oracle OLAP\n\n - Oracle Spatial\n\n - Upgrade\n\n - Workspace Manager", "modified": "2018-11-15T00:00:00", "id": "ORACLE_RDBMS_CPU_OCT_2008.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56062", "published": "2011-11-16T00:00:00", "title": "Oracle Database Multiple Vulnerabilities (October 2008 CPU)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (!defined_func(\"nasl_level\") || nasl_level() < 5000) exit(0, \"Nessus older than 5.x\");\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56062);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:21\");\n\n script_cve_id(\n \"CVE-2008-2624\",\n \"CVE-2008-2625\",\n \"CVE-2008-3976\",\n \"CVE-2008-3980\",\n \"CVE-2008-3982\",\n \"CVE-2008-3983\",\n \"CVE-2008-3984\",\n \"CVE-2008-3989\",\n \"CVE-2008-3990\",\n \"CVE-2008-3991\",\n \"CVE-2008-3992\",\n \"CVE-2008-3994\",\n \"CVE-2008-3995\",\n \"CVE-2008-3996\",\n \"CVE-2008-4005\"\n );\n script_bugtraq_id(31683);\n\n script_name(english:\"Oracle Database Multiple Vulnerabilities (October 2008 CPU)\");\n script_summary(english:\"Checks installed patch info\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle database server is missing the October 2008\nCritical Patch Update (CPU) and therefore is potentially affected by\nsecurity issues in the following components :\n\n - Core RDBMS\n\n - Oracle Application Express\n\n - Oracle Data Capture\n\n - Oracle Data Mining\n\n - Oracle OLAP\n\n - Oracle Spatial\n\n - Upgrade\n\n - Workspace Manager\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9a813466\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the October 2008 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:database_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"oracle_rdbms_query_patch_info.nbin\", \"oracle_rdbms_patch_info.nbin\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"oracle_rdbms_cpu_func.inc\");\ninclude(\"misc_func.inc\");\n\n################################################################################\n# OCT2008\npatches = make_nested_array();\n\n# RDBMS 11.1.0.6\npatches[\"11.1.0.6\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"11.1.0.6.4\", \"CPU\", \"7375639\");\npatches[\"11.1.0.6\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"11.1.0.6.7\", \"CPU\", \"7378392\");\npatches[\"11.1.0.6\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"11.1.0.6.7\", \"CPU\", \"7378393\");\n# RDBMS 10.1.0.5\npatches[\"10.1.0.5\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.1.0.5.12\", \"CPU\", \"7375686\");\npatches[\"10.1.0.5\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"10.1.0.5.28\", \"CPU\", \"7367493\");\n# RDBMS 10.2.0.4\npatches[\"10.2.0.4\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.2.0.4.0.2\", \"CPU\", \"7375644\");\npatches[\"10.2.0.4\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"10.2.0.4.9\", \"CPU\", \"7386320\");\npatches[\"10.2.0.4\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"10.2.0.4.9\", \"CPU\", \"7386321\");\n# RDBMS 10.2.0.3\npatches[\"10.2.0.3\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.2.0.3.8\", \"CPU\", \"7369190\");\npatches[\"10.2.0.3\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"10.2.0.3.27\", \"CPU\", \"7353782\");\npatches[\"10.2.0.3\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"10.2.0.3.27\", \"CPU\", \"7353785\");\n# RDBMS 10.2.0.2\npatches[\"10.2.0.2\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"10.2.0.2.11\", \"CPU\", \"7375660\");\n\ncheck_oracle_database(patches:patches);\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oracle": [{"lastseen": "2019-05-29T18:21:14", "bulletinFamily": "software", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. Please refer to\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\nDue to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. This Critical Patch Update contains 36 new security fixes across all products.\n", "modified": "2009-09-03T00:00:00", "published": "2008-10-14T00:00:00", "id": "ORACLE:CPUOCT2008-100299", "href": "", "title": "CPUOct2008 Advisory", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T21:23:34", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 31683\r\nCVE(CAN) ID: CVE-2008-4008,CVE-2008-4009,CVE-2008-4010,CVE-2008-4011,CVE-2008-4012,CVE-2008-4013,CVE-2008-4000,CVE-2008-4001,CVE-2008-4002,CVE-2008-4003,CVE-2008-4004,CVE-2008-3985,CVE-2008-3988,CVE-2008-3998,CVE-2008-3619,CVE-2008-3993,CVE-2008-3975,CVE-2008-3977,CVE-2008-3588,CVE-2008-3986,CVE-2008-3987,CVE-2008-3989,CVE-2008-2624,CVE-2008-3996,CVE-2008-3992,CVE-2008-3976,CVE-2008-3982,CVE-2008-3983,CVE-2008-3984,CVE-2008-3994,CVE-2008-3980,CVE-2008-4005,CVE-2008-2625,CVE-2008-3990,CVE-2008-3991\r\n\r\nOracle Database\u662f\u4e00\u6b3e\u5546\u4e1a\u6027\u8d28\u5927\u578b\u6570\u636e\u5e93\u7cfb\u7edf\u3002\r\n\r\nOracle\u53d1\u5e03\u4e862008\u5e747\u6708\u7684\u7d27\u6025\u8865\u4e01\u66f4\u65b0\u516c\u544a\uff0c\u4fee\u590d\u4e86\u591a\u4e2aOracle\u4ea7\u54c1\u4e2d\u7684\u591a\u4e2a\u6f0f\u6d1e\u3002\u8fd9\u4e9b\u6f0f\u6d1e\u5f71\u54cdOracle\u4ea7\u54c1\u7684\u6240\u6709\u5b89\u5168\u5c5e\u6027\uff0c\u53ef\u5bfc\u81f4\u672c\u5730\u548c\u8fdc\u7a0b\u7684\u5a01\u80c1\u3002\u5176\u4e2d\u4e00\u4e9b\u6f0f\u6d1e\u53ef\u80fd\u9700\u8981\u5404\u79cd\u7ea7\u522b\u7684\u6388\u6743\uff0c\u4f46\u4e5f\u6709\u4e9b\u4e0d\u9700\u8981\u4efb\u4f55\u6388\u6743\u3002\u6700\u4e25\u91cd\u7684\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u5b8c\u5168\u5165\u4fb5\u6570\u636e\u5e93\u7cfb\u7edf\u3002\u76ee\u524d\u5df2\u77e5\u7684\u6f0f\u6d1e\u5305\u62ec\uff1a\r\n\r\nBEA WebLogic Workshop\u4e2d\u6709\u5173NetUI\u6807\u7b7e\u7684\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u3002\r\n\r\nBEA WebLogic Server\u5728\u4f7f\u7528\u591a\u4e2a\u6388\u6743\u8005\uff08\u5982XACMLAuthorizer\u548cDefaultAuthorizer\uff09\u65f6\u7684\u9519\u8bef\u53ef\u80fd\u5141\u8bb8\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u3002\r\n\r\nApache\u7684WebLogic\u63d2\u4ef6\u4e2d\u7684\u9519\u8bef\u53ef\u80fd\u5bfc\u81f4\u5b8c\u5168\u7684\u7cfb\u7edf\u5165\u4fb5\u3002\r\n\r\n\u5c06Bea WebLogic Server 8.1SP3\u5347\u7ea7\u5230\u66f4\u9ad8\u7248\u672c\u53ef\u80fd\u5bfc\u81f4\u65e0\u6548\u7528\u6237\u53ef\u4ee5\u4f7f\u7528\u4e4b\u524d\u53d7\u4fdd\u62a4\u7684\u5e94\u7528\u3002\u6210\u529f\u653b\u51fb\u8981\u6c42\u4f7f\u7528\u4e86CLIENT-CERT\u8ba4\u8bc1\u65b9\u5f0f\u3002\n\nOracle Application Server 9.0.4.3\r\nOracle Application Server 10.1.3.4.0\r\nOracle Application Server 10.1.3.0.0\r\nOracle Application Server 10.1.2.3.0 \r\nOracle Application Server 10.1.2.2.0\r\nOracle E-Business Suite 12.0.4\r\nOracle E-Business Suite 11.5.10.2\r\nOracle Database 9.2.0.8DV \r\nOracle Database 9.2.0.8\r\nOracle Database 11.1.0.6 \r\nOracle Database 10.2.0.4\r\nOracle Database 10.2.0.3\r\nOracle Database 10.2.0.2\r\nOracle Database 10.1.0.5\r\nOracle JD Edwards EnterpriseOne Tools 8.98\r\nOracle JD Edwards EnterpriseOne Tools 8.97\r\nOracle PeopleSoft Enterprise PeopleTools 8.49.14 \r\nOracle PeopleSoft Enterprise PeopleTools 8.48.18\r\nOracle WebLogic Server 9.2\r\nOracle WebLogic Server 9.1\r\nOracle WebLogic Server 9.0\r\nOracle WebLogic Server 8.1\r\nOracle WebLogic Server 7.0\r\nOracle WebLogic Server 6.1\r\nOracle WebLogic Server 10.0\r\nOracle PeopleSoft Enterprise Portal 9.0\r\nOracle PeopleSoft Enterprise Portal 8.9\r\nOracle Workshop for WebLogic 9.2\r\nOracle Workshop for WebLogic 9.1\r\nOracle Workshop for WebLogic 9.0\r\nOracle Workshop for WebLogic 8.1\r\nOracle Workshop for WebLogic 10.3 GA \r\nOracle Workshop for WebLogic 10.2 GA\r\nOracle Workshop for WebLogic 10.0\r\n\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nOracle\r\n------\r\nOracle\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08cpuoct2008\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\ncpuoct2008\uff1aOracle Critical Patch Update Advisory - October 2008\r\n\u94fe\u63a5\uff1a<a href=http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html?_template=/o target=_blank>http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html?_template=/o</a>", "modified": "2008-10-20T00:00:00", "published": "2008-10-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4264", "id": "SSV:4264", "type": "seebug", "title": "Oracle 2008\u5e7410\u6708\u7d27\u6025\u8865\u4e01\u66f4\u65b0\u4fee\u590d\u591a\u4e2a\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
